Hacking your Smart Meter - Part 1 - Zigbee
By @edent
· electricity IoT Smart Home zigbee · 11 comments · 400 words · read ~19,458 times.
I have a new Smart Meter to measure my electricity and gas usage. It's the Honeywell AS302P.
It's a SMETS2 meter, which means it has a number of interesting features.
- ALCS (Auxiliary Load Control Switch) - this means that a car charger can be remotely started and stopped based on network demand.
- DCC connection - this means it can report back to my energy supplier every 30 minutes, and I can swap between providers quickly.
- High resolution usage - this means I can be charged on multiple time of day tariffs.
But, most importantly to me, it is Zigbee certified.
The meter offers ZigBee Communications for tunnelling information to the Comms Hub and to provide Customer Information for use with Type 1 or Type 2 Devices.
This means it can connect to a HAN (Home Area Network) using the ZigBee Smart Energy Profile (SEP) Version 1.2. This is the thing which sends data to your in-home display hub.
So, can we connect anything to the Smart Meter?
Our first stop is the Honeywell AS302P Manual. The UI of the meter is dreadful. There are two buttons:
- A - the select button
- B - the scroll down button
In order to go "back" in the menu, you need to scroll down to the menu item which says back and then hit A.
There's lots of info in there. I've redacted the PAN, XPAN, Network Info, and EUID for privacy: 
But here's the interesting one - the ability to leave the existing network! 
I'm not yet brave enough to press it. First, I need to buy a Zigbee receiver and learn how the software works. Wish me luck!
@Edent This post implies that you have to get the meter to leave the Zigbee network to join one you create (and listen on).Is that the case? Or can you listen in on the meter's output without changing anything ok the meter itself?I'd be worried about disconnecting the meter from the existing network and breaking my electricity billing somehow! At this point, perhaps you haven't got far enough to know yet 😄
You will want to read this! (GBCS is the specification for SMETS2 meter communication): smartenergycodecompany.co.uk/download/15129/
Splendid - I shall watch this with interest... though from the threads I've read I fear you may be in for some disappointment.
This one, for example, isn't encouraging: https://www.reddit.com/r/homeassistant/comments/b65pdr/smart_utility_meters_zigbee/
But I haven't been following it closely. I do have two Zigbee networks at home connected to Home Assistant, and I'm keen to try this in due course; I've been holding off on getting a smart meter in the hope that each successive standard will be more open and capable...
How did you find the PIN to access the engineering menu?
I didn't need a PIN to enter it.
David says:
Sorry to jump into an old post, has anyone tried opening up the display hub? I'm wondering if it has a serial port inside which I could just scrape the data off instead.
@edent says:
I've opened it - here's a photo of the debug port I found
I don't know how to get data off it.
You won’t be able to join a device to the HAN (to read usage data) without whitelisting the device MAC in the hub and then putting into pairing mode, both of which can only be done remotely by the DCC/Your Energy Provider. It’s an encrypted network
Hi Terence, did you get any further with this? I don't want to futz around with any meter settings but I'd like to tap into the same feed the In-home display is using!
@edent says:
Nope! It was easier for me to get the data via my energy provider's HTTP API.
You might be able to get them from https://data.n3rgy.com/consumer/home